// Cybersecurity Risk Analysis

Assessment Overview

An Absio cybersecurity assessment is unique. Not just a network scan or a certification seal of approval, our comprehensive cybersecurity evaluations probe widely and deeply within the organization to identify vulnerabilities that could compromise assets, information, or business continuity. Then we deliver specific recommendations to mitigate the threats.

Assessment Components

Absio uses a combination of security testing tools, staff interviews, policy and documentation reviews, a proprietary self-assessment,[i] and site visit(s) to evaluate the client’s cybersecurity posture. This process serves to:

  • Identify and prioritize business assets based on value to the organization.
  • Review IT infrastructure architecture, policies, and assets and their impact on the organization.
  • Determine threats, such as natural disaster, system failure, human error, unauthorized access, misuse of information, data corruption/loss, data leaks, and service disruption.
  • Perform a vulnerability analysis of software and hardware to investigate potential weaknesses that are open to a security breach.

NOTE: Site visits have been suspended due to the COVID-19 pandemic. Facility reviews can be scheduled for a later date.

Findings & Mitigation Plan

An Absio assessment delivers “traffic light” clarity on an organization’s cybersecurity posture, action items, and priority level. Our report includes detailed recommendations and a phased implementation plan, which clients can pursue independently or execute in partnership with Absio.

High Risk

Potentially catastrophic impact—address immediately

Medium Risk

Moderate risk to the business—resolve within 3 months

Low Risk

Opportunity to upgrade to IT security best practices

Reassessment

Cybersecurity is not a “one and done” process. Risk analysis must be ongoing, keeping pace with an evolving threat landscape and adapting to change within the organization.

As operations shift and expand, new technologies are implemented, and key positions turn over, Absio can perform targeted assessments of potential risks associated with recent updates to help maintain strong asset and data protections.

Such reassessments should be performed at least annually or as an accompaniment to any significant modifications in the IT operating environment and/or resources.

[i] Based on the National Institute of Standards and Technology (NIST) SP 800-26, SP 800-53 Rev. 4, SP 800-53A Rev. 4 and FIPS 200

What Does Absio Assess?

Operations
  • Products and services
  • Transaction management systems
  • Supply chain management software
Personnel
  • Employees and contractors
  • Facility access
  • Onboarding and termination procedures
Physical Security
  • Monitoring and security tools and staffing
  • Visitor procedures
  • Ethernet and WiFi access
  • Desktop, laptop, and device security
Account & Data Security Controls
  • Authentication tools
  • Password requirements
  • File share access
  • Personal device use
  • Data classification, security, and retention policies
Disaster Recovery
  • Business continuity plan
  • Library change management
  • System maintenance
  • Backup procedures
Security Awareness & Education
  • Initial stakeholder training
  • Ongoing training and monitoring
  • Available resources
Compliance & Audit
  • Regulatory requirements (may be industry-specific)
  • IT security policy and procedures
  • Testing and refinement